Helen recently pointed us to a Palo Alto blog posting on “security must reads”. I thought the Palo Alto post was interesting, but while I certainly encourage reading (whether for work or for fun), some of their entries seem a little goofy.
For example, I like William Gibson, and “Neuromancer” is one of my favorite books – I can’t tell you how many times I’ve read it. Many. I like “Mona Lisa Overdrive” even better. But a “must read” for a security professional? Hmmm…
I do have a list of “security papers must reads”, though. I was going to post this big long list, but I think I’ll start with some of my all-time general favorites and save the rest for later.
At the top of my list is Ken Thompson’s “Reflections on Trusting Trust”. This is a classic that I think really helps frame some of the challenges in Information Security. I’ll leave it to you to read the paper (it’s short and fairly easy to follow) and have your own “aha” moment.
Another “formative” paper for me was Robert Baldwin’s dissertation “Rule Based Analysis of Computer Security”, 1987. He describes (and implemented) an AI-based system for analyzing the security of Unix systems. I was exposed to this through using Dan Farmer’s “COPS” software (see “The COPS Security Checker System”), which includes a modified version of Baldwin’s Kuang software. The name “Kuang” comes from “Neuromancer”, by the way, so perhaps I should rescind my comment about it not being a “must-read” above 🙂 The basic gist of Baldwin’s paper was to apply AI techniques, in particular backward chaining over the current system state and a set of rules describing the system’s security model, to see whether certain goals (such as “become root”) were reachable from a given start state (“I’m logged in as a non-root user”). I spent some time using and trying to improve the software, which was very instructive for me. Kuang led to the development of other systems, like NetKuang. I frequently wonder what the future of AI and Information Security is, especially in these days of “Big Everything”…
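To make the backward-chaining idea concrete, here is a toy Kuang-style engine as an added example. It is not Baldwin’s Kuang or the COPS code; the users (alice, bob), the paths (/home/bob/.profile, /etc/cron.d/backup) and the handful of rules are a constructed, simplified security model in which you can act as a user if you can write a file that user executes. Facts describe the system state, rules describe the model, and the engine searches backward from the goal (“become root”) to the start state (“uid alice”), returning the proof tree, which is the attack path.

```python
# Toy Kuang-style backward chainer (illustrative only): facts are flat tuples,
# rules are (head, body) pairs, and terms starting with '?' are variables.
import itertools

def is_var(t): return isinstance(t, str) and t.startswith("?")

def walk(t, subst):
    # follow variable bindings until a non-variable or an unbound variable
    while is_var(t) and t in subst:
        t = subst[t]
    return t

def resolve(t, subst):
    # apply a substitution to a string or flat tuple
    return tuple(resolve(x, subst) for x in t) if isinstance(t, tuple) else walk(t, subst)

def unify(a, b, subst):
    """Return an extended substitution making a and b equal, or None."""
    a, b = walk(a, subst), walk(b, subst)
    if a == b:
        return subst
    if is_var(a):
        return {**subst, a: b}
    if is_var(b):
        return {**subst, b: a}
    if isinstance(a, tuple) and isinstance(b, tuple) and len(a) == len(b):
        for x, y in zip(a, b):
            subst = unify(x, y, subst)
            if subst is None:
                return None
        return subst
    return None

def rename(rule, _fresh=itertools.count()):
    """Give a rule's variables fresh names so separate uses never clash."""
    n = next(_fresh)
    rn = lambda t: tuple(rn(x) for x in t) if isinstance(t, tuple) else (f"{t}_{n}" if is_var(t) else t)
    head, body = rule
    return rn(head), [rn(b) for b in body]

def prove(goal, facts, rules, subst, depth, max_depth):
    """Yield (subst, proof) for each derivation; proof = (ground goal, kind, subproofs)."""
    if depth > max_depth:          # the recursive 'become' rule would otherwise loop forever
        return
    g = resolve(goal, subst)
    for fact in facts:             # goal satisfied directly by the current state?
        s = unify(g, fact, subst)
        if s is not None:
            yield s, (resolve(g, s), "fact", [])
    for rule in rules:             # otherwise chain backward through a rule whose head matches
        head, body = rename(rule)
        s = unify(g, head, subst)
        if s is not None:
            for s2, sub in prove_all(body, facts, rules, s, depth + 1, max_depth):
                yield s2, (resolve(g, s2), "rule", sub)

def prove_all(goals, facts, rules, subst, depth, max_depth):
    # prove a conjunction left to right, threading bindings through
    if not goals:
        yield subst, []
        return
    for s, proof in prove(goals[0], facts, rules, subst, depth, max_depth):
        for s2, rest in prove_all(goals[1:], facts, rules, s, depth, max_depth):
            yield s2, [proof] + rest

def find_path(goal, facts, rules, max_depth=8):
    # first proof tree for goal (the attack path), or None if unreachable within max_depth
    return next((proof for _, proof in prove(goal, facts, rules, {}, 0, max_depth)), None)

def become_chain(proof):
    # users taken over along the path, in order (post-order walk of 'become' nodes)
    ground, _, sub = proof
    chain = [u for p in sub for u in become_chain(p)]
    return chain + [ground[1]] if ground[0] == "become" else chain

def show(proof, indent=0):
    ground, kind, sub = proof
    print("  " * indent + f"{ground}  [{kind}]")
    for p in sub:
        show(p, indent + 1)

# Simplified security model: you can act as U if you can write a file U executes.
RULES = [
    (("can_write", "?u", "?f"), [("owner", "?f", "?u")]),
    (("can_write", "?u", "?f"), [("group", "?f", "?g"), ("group_writable", "?f"), ("member", "?u", "?g")]),
    (("can_write", "?u", "?f"), [("world_writable", "?f")]),
    (("become", "?u"), [("uid", "?u")]),
    (("become", "?u"), [("executes", "?u", "?f"), ("become", "?v"), ("can_write", "?v", "?f")]),
]

def sample_system():
    """Constructed system state with hypothetical users and paths, not from a real host."""
    return [
        ("uid", "alice"), ("member", "alice", "staff"), ("member", "bob", "ops"),  # start: logged in as alice
        ("owner", "/home/bob/.profile", "bob"), ("group", "/home/bob/.profile", "staff"),
        ("group_writable", "/home/bob/.profile"), ("executes", "bob", "/home/bob/.profile"),
        ("owner", "/etc/cron.d/backup", "root"), ("group", "/etc/cron.d/backup", "ops"),
        ("group_writable", "/etc/cron.d/backup"), ("executes", "root", "/etc/cron.d/backup"),
    ]

if __name__ == "__main__":
    path = find_path(("become", "root"), sample_system(), RULES)
    show(path)
    print("takeover chain:", " -> ".join(become_chain(path)))
```

Run as a script it prints the proof tree and the chain alice -> bob -> root: alice is in group staff, which can write bob’s .profile; bob is in group ops, which can write a root cron job. Remove the fact that bob is in ops and no path exists. The depth limit is what keeps the recursive “become” rule from searching forever on an unreachable goal; the real Kuang encoded Unix permission semantics in far more detail than these five rules.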
I’ll also list Dan Geer’s essays on monocultures, especially “Cyberinsecurity: The Price of Monopoly”. I don’t think people think about this enough (or about separation of “trust domains”). There’s an attraction to the scalability of monocultures: I know from experience that it’s a lot easier to manage a few platforms rather than dozens, and it’s a lot easier to manage hundreds/thousands of systems if they’re all cut from the same pattern. But if something bad happens, it could happen to all of them at the same time. Oh, check this out also: “Heartbleed as Metaphor”, along the same theme…
Last one I’ll mention today is Bill Bryant’s “Designing an Authentication System: A Dialogue in Four Scenes”. This presents a fictional account of the design of Kerberos, one of the cornerstones of MIT’s Project Athena, which has become one of the foundations of authentication systems across the Internet. If you’ve ever wanted to understand why authentication systems are designed the way they are, or why they are so hard to get right, but don’t want an uber-technical treatment of the subject, THIS is the paper for you!
— Steve